
Re: A proposal

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 19 Nov 2013 22:22:14 +0000
To: "Roberto Peon" <grmocg@gmail.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Mike Belshe" <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <emb8b0127a-c013-41cd-b26e-3d525ca81d9e@bodybag>

I think if the world moved to plaintext http/2.0, you would find that 
would become supported in Chrome.

Because you know what people do when their browser can't view a site.


------ Original Message ------
From: "Roberto Peon" <grmocg@gmail.com>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>; "Mike Belshe" 
<mike@belshe.com>; "Roy T. Fielding" <fielding@gbiv.com>; "HTTP Working 
Group" <ietf-http-wg@w3.org>
Sent: 20/11/2013 11:18:18 a.m.
Subject: Re: A proposal
>I don't want the headaches of attempting to support something 
>non-encrypted over the public internet and would rather just deal with 
>HTTP/1.1 in the cases where encryption is disallowed or is not 
>negotiated.
>-=R
>
>
>On Tue, Nov 19, 2013 at 2:04 PM, Adrien de Croy <adrien@qbik.com> 
>wrote:
>>
>>It is interesting the biggest pushers of mandatory TLS are those who 
>>stand to suffer the least from it.  Browser makers.
>>
>>Are any server makers or (reverse-) proxy makers here proponents of 
>>mandatory TLS?  I can't imagine a server author taking the step of 
>>requiring all their customers to suddenly buy certs.  At least not be 
>>the first to do so.  They are the ones who will have to deal with the 
>>backlash and incredible inertia of getting their customers to change.
>>
>>Without servers supporting mandatory TLS, it's kinda pointless for 
>>browser makers to assert they won't implement plaintext http/2.0.  
>>Since the cert must be installed on the server (not the 
>>client/browser), I think it would be better to let the server authors 
>>take the lead on this surely?
>>
>>
>>Adrien
>>
>>
>>------ Original Message ------
>>From: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
>>To: "Mike Belshe" <mike@belshe.com>
>>Cc: "Roy T. Fielding" <fielding@gbiv.com>; "HTTP Working Group" 
>><ietf-http-wg@w3.org>
>>Sent: 20/11/2013 8:07:15 a.m.
>>Subject: Re: A proposal
>>>
>>>On Tue, 19 November 2013 10:45, Mike Belshe wrote:
>>>
>>>>  Alright, well that's all fine, but I really don't know why you're going off
>>>>  on this rant. Can you cite for me the specific quote from anyone on this
>>>>  list who declared or implied that TLS was a comprehensive solution for
>>>>  'security' or 'privacy'? I don't think anyone did, so this rant is really
>>>>  unnecessary.
>>>
>>>That's playing with words, Chrome and Mozilla representatives have been
>>>quite clear they wanted to force a TLS-only web for 'security' and
>>>'privacy'. Even though there is a ton of things those browsers could do
>>>*now* to improve privacy without fostering pki on everyone else.
>>>
>>>Really, it's getting quite annoying to see all this forceful selling of
>>>TLS in the name of privacy and security while systematically stonewalling
>>>any attempt to consider the parts of the protocol that are used to data
>>>mine users now (let's use the business term not emotional appeals).
>>>
>>>--
>>>Nicolas Mailhot
>>>
>>>
>>
>>
>
Received on Tuesday, 19 November 2013 22:22:01 UTC
